A security update for WordPress was released earlier today. Version 2.8.5 offers some code cleanup, as well as a fix for the trackback DoS attacks that had been discovered recently. If you think you’ve been affected by one of the exploits attacking WordPress sites, WordPress recommends the WordPress Exploit Scanner. The Exploit Scanner has been updated as of today, and is available for download here.
The update to version 2.8.5 includes the following:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where PHP code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
I’ve already updated this blog, and used the Automatic update option available through the WordPress Dashboard. I receive daily database updates thanks to the WordPress Database Backup, so my updates are fast and easy. This one didn’t present any compatibility issues with my plugins, and went very smoothly.
I will be updating all my client sites and then all of my own sites within the next few hours. I highly recommend all WordPress users update to the latest version ASAP. Remember what we learned last month about WordPress Security… keeping your WordPress install up to date is the absolute best security defense.